Home

Description

JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-22 | Updated 2025-08-22 | Assigner mitre

References

github.com/jeecgboot/JeecgBoot/issues/8335

r4gd0ll.github.io/2025/JEECGBOOT_BYPASS_SQLInject.html

cve.org (CVE-2025-51825)

nvd.nist.gov (CVE-2025-51825)

Download JSON